DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1606 commits 4 branches 217 tags 166 MiB
Commit graph

782 commits

Author SHA1 Message Date
Manuel Alejandro de Brito Fontes
12d2c4f689 Merge pull request #690 from aledbf/avoid-empty-secret 
Fix IP in logs for https traffic
 2017-05-12 10:44:20 -03:00
Payam Hekmat
dd894f0f73 Add config for X-Forwarded-For trust 
Use the same config option for `set_real_ip_from` when not using proxy protocol. The default remains `0.0.0.0/0`, which is insecure if the ingress is publicly accessible. This at least provides a workaround for #200
 2017-05-11 21:55:35 -05:00
Manuel de Brito Fontes
a537d2d0fa Remove secrets from ingress after a Delete event 2017-05-11 22:19:16 -03:00
Manuel de Brito Fontes
4bd4bf3be6 Fix remote address in log when protocol is https 2017-05-11 15:04:19 -03:00
Dan Cech
485098fd69 use nginx vts module version 0.1.14 2017-05-11 13:56:42 -04:00
David Pratt
d56d8b7da1 Use proxy-protocol to pass through source IP to nginx 2017-05-10 16:22:48 -05:00
Manuel Alejandro de Brito Fontes
317f222527 Merge pull request #679 from ckeyer/template_getenv 
add getenv
 2017-05-10 08:50:11 -03:00
Chuanjian Wang
87b05847bf
add template function getenv 
Signed-off-by: Chuanjian Wang <me@ckeyer.net>
 2017-05-10 14:35:42 +08:00
Donald Guy
2d1b6dc9c9 [nginx] pass non-SNI TLS hello to default backend, Fixes #693 2017-05-08 17:44:43 -04:00
Nick Sardo
4601775c18 [GLBC] Set Description field for backend services (#681) 
Set svc namespace/name/port in description field of backend services
 2017-05-05 11:34:40 -07:00
Julian V. Modesto
5614f42f63 Fix affinity doc. 
Should be string `cookie`, not boolean.
 2017-05-05 10:26:28 -04:00
Manuel Alejandro de Brito Fontes
45ba1c7c1d Merge pull request #685 from matjazp/fix-hsts-preload 
Fix error in generated nginx.conf for optional hsts-preload
 2017-05-04 09:03:57 -03:00
Matjaz Pancur
d402e16eb8 Fix error in generated nginx.conf hsts-preload 2017-05-04 11:29:32 +02:00
caiyixiang
f4da971b86 nginx/pkg/config: delete unuseful variable 2017-05-02 17:24:01 +08:00
Manuel Alejandro de Brito Fontes
6bf5d7586c Merge pull request #673 from jeffpearce/jeffpearce/lb 
Override load balancer alg view config map
 2017-04-29 13:13:08 -03:00
Jeff Pearce
a5d58cc521 Override load balancer alg view config map 2017-04-29 08:37:24 -07:00
Manuel Alejandro de Brito Fontes
4555a64572 Merge pull request #664 from aledbf/beta5 
Release nginx 0.9-beta.5
 2017-04-27 22:18:53 -03:00
Nick Sardo
3ac784a7ec Doc changes for version bump 2017-04-27 17:16:09 -07:00
Manuel de Brito Fontes
83cb03b51c Release 0.9-beta.5 2017-04-27 20:28:05 -03:00
Manuel Alejandro de Brito Fontes
e911f20405 Merge pull request #661 from aledbf/update-client-go 
Avoid running nginx if the configuration file is empty
 2017-04-26 23:58:15 -03:00
Manuel de Brito Fontes
f4147e9e6c Avoid running nginx if the configuration file is empty 2017-04-26 23:34:36 -03:00
Nick Sardo
b01dc68e30 [GLBC] Specify balancing mode for backends being added to existing backend service (#652) 
Add backends of proper type to backend service
 2017-04-26 16:02:17 -07:00
Nick Sardo
14054be571 [GLBC] Fix problem surfacing error (#658) 
* use syncError in defer GC

* surface other err as well
 2017-04-26 15:30:33 -07:00
Nick Sardo
cd3e546c80 [GLBC] Better certificate handling (#639) 
* Harden ssl cert logic to handle unknown state

* Do not delete non-controller-created certificates (pre-shared certs)

* Remove unnecessary variable

* Added three tests to check ssl certificate naming

* Address review comments

* Early return instead of large code block
 2017-04-26 11:15:19 -07:00
Manuel Alejandro de Brito Fontes
201a109bb5 Merge pull request #637 from aledbf/0.9.0-beta.4 
[nginx] 0.9.0 beta.4
 2017-04-25 18:10:16 -03:00
Yash Thakkar
09b3a998cf Update README.md 
fixed tcp services example link.

note: udp services link is also broken, I don't know correct link path.
 2017-04-26 01:40:33 +05:30
Eduardo Baitello
f737cdcae5 Fix default value information 
proxy-read-timeout and proxy-send-timeout default value is 60 seconds, not 30.
 2017-04-25 16:27:18 -03:00
Manuel de Brito Fontes
5684c82d6c Release 0.9-beta.4 2017-04-24 22:51:49 -03:00
Manuel de Brito Fontes
ab1f04b9c2 Add support for https in proxy request for external authentication 2017-04-24 22:14:38 -03:00
Arjan Schaaf
1a191846a9 Mentioned in the comments of #180 the annotation for configuration snippets was missing from the configuration documentation 2017-04-24 16:27:56 +02:00
Arjan Schaaf
389e0f527c Nginx sticky annotations #258 made the global enable-sticky-sessions obsolete 2017-04-21 14:57:45 +02:00
Manuel de Brito Fontes
12d4aadf74 Allow configuration of features underscores_in_headers and ignore_invalid_headers 2017-04-20 18:12:16 -03:00
Manuel de Brito Fontes
786d977a90 Fix lint errors 2017-04-20 16:48:14 -03:00
Manuel Alejandro de Brito Fontes
f6af1ca023 Merge pull request #614 from aledbf/refactor-passthrough 
Refactor nginx ssl passthrough
 2017-04-20 16:43:44 -03:00
Nick Sardo
893a828587 Revert "Remove the code which get same resources twice" 2017-04-19 15:00:27 -07:00
Nick Sardo
74aff2eb7e Merge pull request #511 from FengyunPan/fix-backend 
Ignore err when delete a NotFound backends
 2017-04-18 22:17:07 -07:00
Manuel de Brito Fontes
de14e2f4f1 Refactor ssl-passthroug using go to handle TLS hello 2017-04-19 01:39:14 -03:00
FengyunPan
e913c37651 Ignore err when delete a NotFound backend 
1. add() should return nil at last
2. do not return err when delete a notFound backend
 2017-04-19 12:07:51 +08:00
Nick Sardo
d2c7e9008f Merge pull request #510 from FengyunPan/delete_redundant 
Remove the code which get same resources twice
 2017-04-18 20:07:41 -07:00
Justin Santa Barbara
322be61522 Compute server_names_hash_bucket_size correctly 
There were some edge cases where we did not calculate hash_bucket_size
correctly.

Fix #623
 2017-04-18 22:29:51 -04:00
FengyunPan
d42f4942bc Remove the code which get same resources twice 
There is no need to get the same ingress resources from
ingressclient twice.
 2017-04-19 09:46:06 +08:00
Nick Sardo
642cb74cc7 [GLBC] Support backside re-encryption (#519) 
Support backside re-encryption
 2017-04-18 12:44:17 -07:00
Manuel de Brito Fontes
aba45a01ad Process exited cleanly before we hit wait4 2017-04-16 20:04:32 -03:00
Manuel Alejandro de Brito Fontes
cd6a2123c4 Merge pull request #607 from aledbf/master 
Allow custom server_names_hash_max_size & server_names_hash_bucket_size
 2017-04-14 22:20:38 -03:00
Manuel Alejandro de Brito Fontes
4817ddff3a Merge pull request #604 from jonaskint/master 
Fixing wildcard in hostname for the upstream map
 2017-04-14 21:07:41 -03:00
Manuel de Brito Fontes
9994365ae4 Allow custom server_names_hash_max_size and server_names_hash_bucket_size values 2017-04-14 20:59:10 -03:00
Jonas Kint
a7b09e71a1 Fixing wildcard in hostname for the upstream map 2017-04-13 17:27:20 +02:00
Manuel de Brito Fontes
256cd6b1df Replace custom child reap code with go-reap 2017-04-12 20:20:18 -03:00
Manuel Alejandro de Brito Fontes
3810515663 Merge pull request #583 from stibi/patch-1 
fixed lua_package_path in nginx.tmpl
 2017-04-12 17:04:05 -03:00
Manuel de Brito Fontes
6038e17728 Remove Host header from auth_request proxy configuration 2017-04-12 09:37:03 -03:00
Manuel Alejandro de Brito Fontes
9ff3b86315 Merge pull request #588 from aledbf/avoid-multiple-reads 
Read resolv.conf file just once
 2017-04-11 15:35:38 -03:00
Manuel de Brito Fontes
8f3f51367a Remove test because of the refactoring 2017-04-11 14:50:28 -03:00
Nick Sardo
987540f8f6 [GLBC] Update firewall source ranges if outdated (#574) 
check firewall rule source ranges
 2017-04-11 09:01:42 -07:00
Manuel de Brito Fontes
190788848a Read resolv file just oncce 2017-04-11 11:47:49 -03:00
Martin Stiborsky
beb17f39ab fixed lua_package_path in nginx.tmpl 
I did my own build of the nginx-ingress-controller and its docker image, but I had troubles with the `error_page.lua` module, which couldn't be loaded, there was an error in the log, module was not found.

I think the lua package path is wrong, here is a fix.
 2017-04-11 09:43:33 +02:00
Manuel Alejandro de Brito Fontes
64d0b08128 Merge pull request #577 from aledbf/avoid-childs 
Avoid zombie child processes
 2017-04-09 15:29:04 -03:00
Manuel de Brito Fontes
25bb7e4311 Set different listeners per protocol version 2017-04-09 15:03:27 -03:00
Manuel de Brito Fontes
1c6c4273c9 Avoid child processes 2017-04-09 13:58:03 -03:00
Nick Sardo
7c635a8c83 Merge pull request #570 from nicksardo/pkg-rename 
Renaming few remaining packages
 2017-04-07 07:21:14 -07:00
Nick Sardo
5b37d2b315 Rename packages from api to api_v1 2017-04-06 22:27:50 -07:00
Manuel Alejandro de Brito Fontes
7ca7652ab2 Merge pull request #563 from aledbf/hsts-preload 
Add option to disable hsts preload
 2017-04-05 23:20:35 -03:00
Manuel Alejandro de Brito Fontes
427c5c747c Merge pull request #556 from aledbf/update-nginx-controller 
Update nginx version and remove dumb-init
 2017-04-05 22:54:43 -03:00
Manuel de Brito Fontes
cbe4029597 Add option to disable hsts preload 2017-04-05 22:48:43 -03:00
Nick Sardo
12a0373d2e Merge pull request #539 from aledbf/migrate-client-go 
Migrate to client-go
 2017-04-05 13:50:21 -07:00
Manuel de Brito Fontes
e492a4b396 Add flag to specify the api server url 2017-04-05 10:10:34 -03:00
Manuel de Brito Fontes
62c13fb7bc Update nginx version and remove dumb-init 2017-04-04 17:59:54 -03:00
Manuel Alejandro de Brito Fontes
0fe0d6f504 Merge pull request #551 from gianrubio/review-prometheus 
Build namespace and ingress class as label
 2017-04-04 11:55:23 -03:00
Manuel de Brito Fontes
e0561ddeb9 Update nginx and generic controller 2017-04-04 11:51:50 -03:00
Manuel de Brito Fontes
c7c2a564a9 Update gce controller 2017-04-04 11:51:50 -03:00
Giancarlo Rubio
197acf0f2b Build namespace and ingress class as label 2017-04-04 16:23:40 +02:00
Manuel Alejandro de Brito Fontes
22c3226377 Merge pull request #550 from gianrubio/fix-args 
Fix args
 2017-04-04 09:16:43 -03:00
Giancarlo Rubio
c21f7ce666 OverrideFlags was called before parsing arguments (arguments was always empty) 
correct args order for newStatsCollector
 2017-04-04 13:15:06 +02:00
Manuel Alejandro de Brito Fontes
79f8019c5b Merge pull request #493 from aledbf/update-nginx 
Update nginx and vts module
 2017-04-03 19:33:05 -03:00
Manuel de Brito Fontes
bc68f9eea3 Update nginx and vts module 2017-04-02 16:07:38 -03:00
Manuel de Brito Fontes
4103537ea1 Fix lint errors 2017-04-02 11:07:07 -03:00
Manuel Alejandro de Brito Fontes
02cd3ce885 Merge pull request #225 from electroma/nginx/extauth_headers 
Support for http header passing from external authentication service
 2017-04-01 20:40:29 -03:00
Manuel Alejandro de Brito Fontes
c14d0d852b Merge pull request #532 from aledbf/ssl_ecdh_curve 
Add setting to configure ecdh curve
 2017-03-31 11:55:44 -03:00
Manuel de Brito Fontes
8e41bdd3d4 Add setting to configure ecdh curve 2017-03-30 23:23:14 -03:00
Manuel de Brito Fontes
3fc79625e6 Fix link to examples 2017-03-30 23:13:43 -03:00
Manuel de Brito Fontes
7e86cfe64b Fix link to custom nginx configuration 2017-03-30 23:01:45 -03:00
Manuel de Brito Fontes
cf82f694de Avoid negative values configuring the max number of open files 2017-03-30 10:10:47 -03:00
Manuel Alejandro de Brito Fontes
39feaf10df Merge pull request #516 from aledbf/workers-auto 
Convert WorkerProcesses setting to string to allow the value auto
 2017-03-28 19:59:22 -03:00
Manuel de Brito Fontes
1278a97dc6 Convert WorkerProcesses setting to string to allow the value auto 2017-03-28 19:58:09 -03:00
Andreas Kohn
9dcac88b3d Fix typos regarding the ssl-passthrough annotation documentation 2017-03-27 10:19:21 +02:00
Manuel de Brito Fontes
40f9064ca3 Add information about SSL Passthrough annotation 2017-03-26 17:25:05 -03:00
Manuel Alejandro de Brito Fontes
f5211458ce Merge pull request #454 from danielqsj/master 
Pass request port to real server
 2017-03-26 08:01:11 -03:00
rsafronov
6d07d32003 Merge branch 'upstream' into nginx/extauth_headers 2017-03-24 20:25:18 -04:00
Canh Ngo
46a42a2905 Adds support for CORS with Authorization header 2017-03-23 16:17:47 +01:00
Canh Ngo
df76382055 Adds support for CORS on error responses 2017-03-23 16:17:37 +01:00
Nick Sardo
116fbe8c33 Merge pull request #477 from nicksardo/glbc-service-watch 
[GLBC] Sync ingress when default backend service is modified.
 2017-03-22 13:08:30 -07:00
Nick Sardo
a94d31e87d glbc: watch backend service 2017-03-22 13:07:37 -07:00
Nick Sardo
0a75f42884 Merge pull request #479 from matthewg/master 
Add 35.191.0.0/16 range to GCE firewalls
 2017-03-22 10:22:46 -07:00
Thomas Peitz
3b55e09e23 Remove unnecessary quote in nginx log format 2017-03-22 15:48:15 +01:00
Matthew Sachs
04b87d5945 Add 35.191.0.0/16 range to GCE firewalls (issue #478) 2017-03-22 00:18:26 -07:00
Nick Sardo
509aaf10c6 Merge pull request #472 from nicksardo/git-ignore-glbc 
[gce] Add .gitignore
 2017-03-21 12:43:19 -07:00
shijunqian
43469a8179 Pass request port to real server 2017-03-21 10:33:11 +08:00
Nick Sardo
3706f32639 git ignore glbc 2017-03-20 16:36:18 -07:00
chentao1596
37bdb3952e fix all go style mistakes about fmt.Errorf 2017-03-17 08:35:55 +08:00
Manuel Alejandro de Brito Fontes
c25936df62 Merge pull request #427 from rikatz/app-root-redirect 
Adds support for root context redirection
 2017-03-16 07:32:30 -03:00
Manuel Alejandro de Brito Fontes
3d681cda78 Merge pull request #430 from ohmystack/fix-baseurl 
Fix add-base-url
 2017-03-15 19:37:44 -03:00
Kirill Levin
23c45340be fix nginx-udp-and-udp on same port 2017-03-15 20:45:21 +03:00
Manuel de Brito Fontes
350c5f2c03 Remove snake oil certificate generation 2017-03-15 08:23:25 -03:00
Jeff Grafton
071ac58564 Fix a few bugs in the nginx-ingress-controller Makefile 
* make 'clean' use the new path to the built binary
* make 'container' depend on 'build'
 2017-03-14 14:50:52 -07:00
Tim Hockin
3dd746136b Merge pull request #434 from aledbf/0.9-beta.3 
Release 0.9-beta.3
 2017-03-14 10:54:45 -07:00
Manuel de Brito Fontes
1aa8223889 Release 0.9-beta.3 2017-03-14 12:19:37 -03:00
caiyixiang
3b152e6aa7 0 2017-03-14 19:19:21 +08:00
Lee Calcote
c10c0fb196 Update README.md 
Missing 'e' in achieve
 2017-03-13 22:10:29 -05:00
rsafronov
7034e1de69 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers 
# Conflicts:
#	core/pkg/ingress/annotations/authreq/main.go
 2017-03-13 15:04:37 -04:00
ohmystack
bbeb9a766c Fix add-base-url 
The "base" tag is used for completing a relative link in current page
by browser, so it should stay the same with the base url of current
page.
 2017-03-14 01:04:35 +08:00
Ricardo Pchevuzinske Katz
0e5d3ca9e9 Adds support for root redirection, and improves rewrite documentation 2017-03-13 12:03:47 -03:00
Ricardo Katz
c41e6bd82f Merge 04af55af3c into 0cb8f59f70 2017-03-12 22:09:42 +00:00
Ricardo Pchevuzinske Katz
04af55af3c Adds support for root context redirection 2017-03-12 19:06:10 -03:00
Manuel de Brito Fontes
e702c55820 Fix build 2017-03-12 18:11:03 -03:00
Manuel de Brito Fontes
7ba389c1d0 Cleanup collection of prometheus metrics 2017-03-10 16:47:08 -03:00
Giancarlo Rubio
1d38e3a384 Scrap json metrics from nginx vts 
upgrade vts to the latest version
 2017-03-10 09:25:56 -03:00
Manuel Alejandro de Brito Fontes
dd7f8b4a97 Merge pull request #408 from gianrubio/fix-links 
Review docs
 2017-03-10 07:26:24 -03:00
Nick Sardo
db96c9d574 Merge pull request #406 from tonglil/static-ip-debug 
Add debug info and fix spelling
 2017-03-09 09:41:48 -08:00
Nick Sardo
0a21901687 Merge pull request #401 from chentao1596/gc-healthcheckers-unittest 
add unit test cases for controllers/gce/healthchecks
 2017-03-09 09:39:55 -08:00
Manuel Alejandro de Brito Fontes
a5f8af70bf Merge pull request #410 from aledbf/colemickens-signin-url 
Add support for "signin url"
 2017-03-09 11:21:42 -03:00
chentao1596
468815e986 add unit test cases for controllers/gce/healthchecks 2017-03-09 10:16:41 +08:00
Cole Mickens
09e6aabce4 Add auth-signin annotation 2017-03-08 20:24:01 -03:00
Manuel de Brito Fontes
c173985af0 Allow custom http2 header sizes 2017-03-08 20:00:16 -03:00
Giancarlo Rubio
a2edde35fc fix some broken links 
upgrade all nginx examples to latest version
moved some examples from contrib to this repo
 2017-03-08 22:22:31 +01:00
Tony Li
62fcc400b8 add debug info and fix spelling 2017-03-08 12:55:33 -05:00
Gorka Lerchundi Osa
e1c1dfadc7 allow specifying custom dh param 
fixes #162
 2017-03-08 15:32:32 +01:00
Giancarlo Rubio
63b5f2f1c5 add configuration to disable listening on ipv6 2017-03-08 13:29:02 +01:00
Manuel Alejandro de Brito Fontes
f1062e07bc Merge pull request #369 from xialonglee/patch-1 
Minor text fix for "ApiServer"
 2017-03-08 07:09:32 -03:00
Nick Sardo
31eab3880b Merge pull request #384 from timstclair/busybox 
Rebase GLBC on alpine:3.5
 2017-03-07 17:19:17 -08:00
Manuel Alejandro de Brito Fontes
d6620ead2c Merge pull request #397 from aledbf/fix-external-auth 
Fix external auth
 2017-03-07 21:36:53 -03:00
Nick Sardo
61a03033f7 Merge pull request #386 from itamaro/patch-1 
Fix glbc usage string
 2017-03-07 15:08:17 -08:00
Tony Li
7000924dc5 GCE pre-shared cert fixes (#395) 
* pick up changes to the external cert referenced by lb

* less prone way to check if cert should be deleted
 2017-03-07 15:05:21 -08:00
Manuel de Brito Fontes
bebd596b3f Listen customization must be done just in one place 2017-03-07 19:50:24 -03:00
Tim St. Clair
1023056c3b
Rebase GLBC on busybox 2017-03-07 13:49:43 -08:00
Tony Li
e1d1445370 GCE/GKE "pre-shared" TLS cert (#291) 
* add allow-named-tls annotation

* works for setting tls

* fix logs (mostly)

* add ssl cert annotation

* return an error when cert not found

* use annotation if specified, otherwise use spec

* add TODO on naming

* use the annotation key from k8s

* add unit test for HTTPS LB w/ cert annotation

* refactor logic and check for error

* move annotation to controller package

* remove todo for function naming
 2017-03-07 13:42:41 -08:00
craigmonson
6e6aae6c29 Update README.md 
fix broken link to config maps
 2017-03-07 15:09:50 -05:00
Manuel de Brito Fontes
484bd43111 Fix http2 header size 2017-03-07 14:42:59 -03:00
Victor Unegbu
dfdcdfde0b remove tmp nginx-diff files 2017-03-07 09:59:10 -06:00
Itamar Ostricher
6f3139a79e Fix glbc usage string 
1. Typo in `glbc` binary name
2. Typo in `running-in-cluster` flag
3. Remove non-existing flag `--default-backend-node-port`
 2017-03-07 12:09:12 +02:00
chentao1596
1417a3a818 add copyright 2017-03-07 15:34:31 +08:00
Nick Sardo
a6e38221ee Merge pull request #278 from csbell/fw-name 
Extend ConfigMap to store fwrule names
 2017-03-06 10:37:20 -08:00
Manuel de Brito Fontes
f0c758eed2 Fix custom log format 2017-03-06 12:33:51 -03:00
Manuel Alejandro de Brito Fontes
de8b9b8df2 Merge pull request #370 from foxylion/force-ssl-redirect-documentation 
Add documentation for ingress.kubernetes.io/force-ssl-redirect
 2017-03-05 22:11:05 -03:00
Manuel de Brito Fontes
cd924f5522 Avoid duplication of ReadConfig function 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
1473f64fb0 Remove SPDY reference 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
3c0fb01ba2 Add warning when the ingress controller uses a custom class 2017-03-04 18:35:33 -03:00
Manuel de Brito Fontes
2399be867e Cleanup custom log format configuration 2017-03-04 18:35:33 -03:00
Jakob Jarosch
74d57c9502 Add documentation for ingress.kubernetes.io/force-ssl-redirect 
refs #314 #365
 2017-03-03 20:29:43 +01:00
Peter Lee
0b6f4d2770 Minor text fix for "ApiServer" 
It looks a little weird to apply camel case style for the noun "apiserver", i didn't see somewhere else spelling it in that way.
 2017-03-04 00:40:07 +08:00
Manuel Alejandro de Brito Fontes
75124bc9f1 Merge pull request #356 from gianrubio/patch-1 
Disable listen only on ipv6 and fix proxy_protocol
 2017-03-03 09:50:43 -03:00
Manuel Alejandro de Brito Fontes
6cd21f7dea Merge pull request #362 from gianrubio/fix-ingress-class 
Fix ingress class
 2017-03-03 09:49:59 -03:00
Manuel Alejandro de Brito Fontes
3b2f668f39 Merge pull request #367 from gianrubio/customize-logformat 
BuildLogFormatUpstream was always using the default log-format
 2017-03-03 09:43:48 -03:00
Manuel Alejandro de Brito Fontes
9f39abc019 Merge pull request #365 from pwillie/forcesslredirect 
add ForceSSLRedirect ingress annotation
 2017-03-03 09:05:02 -03:00
Giancarlo Rubio
1e5081baf2 BuildLogFormatUpstream function was always using the default log-format-upstream, 2017-03-03 13:03:49 +01:00
caiyixiang
482293b99d add_judgment 2017-03-03 15:17:32 +08:00
Peter Wilson
1a72b3f775 add ForceSSLRedirect ingress annotation 2017-03-03 16:44:29 +11:00
Aaron Roydhouse
336f3cb108 Fix error caused by increasing proxy_buffer_size (#363) 
This fixes the bug raised in #363, by increasing the size of the proxy_buffers (memory allocation) to match the size of the proxy buffer. This leaves the default values (with no ingress setting) unchanged:
```
proxy_buffer_size      4k
proxy_buffers            4 4k
```
If 'proxy-buffer-size' is set, then now both the buffer size and the memory allocation size is increased:
```
proxy_buffer_size     "{{ $location.Proxy.BufferSize }}";
proxy_buffers           4 "{{ $location.Proxy.BufferSize }}";
```
I have been using this patch with 0.8.3 and 0.9.0-beta.2.
 2017-03-02 16:11:27 -05:00
rsafronov
05526e4a66 Merge remote-tracking branch 'upstream/master' into nginx/extauth_headers 
# Conflicts:
#	controllers/nginx/pkg/template/template.go
 2017-03-02 14:46:18 -05:00
Christian Bell
68097e96dc Better logging and address review comments 2017-03-02 10:54:32 -08:00
Giancarlo Rubio
2ddba72baa Fix ingress class 2017-03-02 16:50:31 +01:00
Giancarlo Rubio
0ca3aef0f5 Add ability to customize upstream and stream log format 2017-03-01 18:47:11 +01:00
Giancarlo Rubio
90fdea751b Disable listen only on ipv6 and fix proxy_protocol 
- Always listen on ipv4 address for port 443
- Rollback previous PR #227 that broke the proxy_protocol when passthroughBackends is disabled
 2017-03-01 15:31:00 +01:00
Christian Bell
b259c9b349 First stab at extending the "uid" configmap to store firewall 
rule information.
 2017-02-28 10:49:31 -08:00
rsafronov
d3b952552a minor: formatting 2017-02-27 16:34:42 -05:00
electroma
c8eda8f17f Merge branch 'master' into nginx/extauth_headers 2017-02-27 16:28:11 -05:00
Manuel de Brito Fontes
02d44ccbaa Fix client source IP address 2017-02-26 19:01:07 -03:00
Manuel Alejandro de Brito Fontes
0aabfba848 Merge pull request #235 from rikatz/ingress-ssl-auth 
Adds correct support for TLS Muthual autentication
 2017-02-25 20:34:28 -03:00
Piotr Szczesniak
fd7990de67 Expose Prometheus metrics in glbc controller 2017-02-25 18:30:00 +01:00
Manuel Alejandro de Brito Fontes
8f23451c24 Merge pull request #221 from tonglil/typos 
Typo: unittesting -> unit testing
 2017-02-25 08:12:53 -03:00
Manuel Alejandro de Brito Fontes
712b60f197 Merge pull request #222 from tonglil/fix-log-message 
Change arg ordering in log message
 2017-02-25 08:12:41 -03:00
Manuel Alejandro de Brito Fontes
3f2592128c Merge pull request #224 from tonglil/check-error 
Check for error getting cert
 2017-02-25 08:12:25 -03:00
Ricardo Pchevuzinske Katz
a342c0bce3 Adds correct support for TLS Muthual autentication and depth verification 
modified:   controllers/nginx/configuration.md
	modified:   controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
	modified:   core/pkg/ingress/annotations/authtls/main.go
	modified:   core/pkg/ingress/controller/backend_ssl.go
	modified:   core/pkg/ingress/controller/controller.go
	modified:   core/pkg/ingress/controller/util_test.go
	modified:   core/pkg/ingress/resolver/main.go
	modified:   core/pkg/ingress/types.go
	modified:   core/pkg/net/ssl/ssl.go
	modified:   examples/PREREQUISITES.md
	new file:   examples/auth/client-certs/nginx/README.md
	new file:   examples/auth/client-certs/nginx/nginx-tls-auth.yaml
 2017-02-24 22:49:01 -03:00
Manuel de Brito Fontes
84324af140 Refactoring of TCP and UDP services 2017-02-24 20:14:43 -03:00
Manuel Alejandro de Brito Fontes
33ab550290 Merge pull request #332 from aledbf/snippets 
Add annotation to customize nginx configuration
 2017-02-24 18:39:45 -03:00
Giancarlo Rubio
704a18cec9 Add support for proxy cookie path/proxy cookie domain 2017-02-24 16:06:30 +01:00
Marcin Owsiany
192c551abb Fix for formatting error introduced in #304. 
Why don't we fail the travis build when go fmt is unhappy?
 2017-02-24 12:05:31 +01:00
Manuel de Brito Fontes
a20c287614 Add annotation to customize nginx location configuration 2017-02-23 16:48:59 -03:00
Manuel Alejandro de Brito Fontes
964aa0a15a Merge pull request #295 from tangle329/master 
We need check content, when cmd failed.
 2017-02-23 00:28:13 -03:00
Manuel de Brito Fontes
7013a52ee5 Return sorted endpoints 2017-02-22 14:41:44 -03:00
Manuel de Brito Fontes
036892fb96 Release 0.9.0-beta.2 2017-02-22 14:41:43 -03:00
Manuel Alejandro de Brito Fontes
5ab0f284b0 Merge pull request #306 from caiyixiang/modifyNGINXreadme 
modify nginx readme
 2017-02-20 08:01:31 -03:00
Manuel Alejandro de Brito Fontes
463ff2b453 Merge pull request #304 from caiyixiang/changeSStoSSL 
change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams'
 2017-02-20 08:00:15 -03:00
chentao1596
a74fe3426a Add docs for body-size annotation 2017-02-20 18:01:57 +08:00
caiyixiang
488d89db18 modify nginx readme 2017-02-20 15:58:16 +08:00
Tang Le
c0f0cb2ff7 Check content when cmd failed 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-02-20 10:34:05 +08:00
caiyixiang
e68abf067b change 'buildSSPassthrouthUpstreams' to 'buildSSLPassthroughUpstreams' 2017-02-20 10:30:37 +08:00
Prashanth B
cb60085b17 Merge pull request #299 from bprashanth/owners 
Add more assignees and approvers
 2017-02-18 04:17:39 +05:30
Manuel de Brito Fontes
8fd12b26ba Change nginx variable to use in filter of access_log 2017-02-17 18:21:46 -03:00
bprashanth
7e02e9adaa Add more assignees and approvers 2017-02-17 10:47:56 -08:00
Manuel Alejandro de Brito Fontes
e603066d92 Merge pull request #290 from aledbf/update-nginx 
Update nginx version in ingress controller to 1.11.10
 2017-02-17 15:46:52 -03:00
Manuel Alejandro de Brito Fontes
5fab1e99fe Merge pull request #296 from aledbf/fix-rewrite 
Fix rewrite regex to match the start of the URL and not a substring
 2017-02-17 15:12:18 -03:00
Manuel de Brito Fontes
77221b3555 Fix rewrite regex to match the start of the URL and not a substring 2017-02-17 11:04:57 -03:00
Tang Le
e26efd0b08 We need check content, when cmd failed. 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-02-17 19:11:56 +08:00
Prashanth B
3d9f89be1d Merge pull request #293 from tonglil/gcloud-docker 
Update makefile gcloud docker command
 2017-02-17 07:07:25 +05:30
Tony Li
f32ef32489 do the same for nginx 2017-02-16 17:12:33 -08:00
Prashanth B
698c08402a Merge pull request #258 from rikatz/nginx-sticky-annotations 
Nginx sticky annotations
 2017-02-17 05:27:18 +05:30
Tony Li
5f8a40d392 update makefile docker command 2017-02-16 14:49:35 -08:00
Manuel de Brito Fontes
2d0971d6b0 Update nginx version in ingress controller to 1.11.10 2017-02-16 15:10:14 -03:00
Manuel Alejandro de Brito Fontes
b5819d8f4d Merge pull request #246 from aledbf/set-headers 
Add support for custom proxy headers using a ConfigMap
 2017-02-16 07:35:57 -03:00
Manuel Alejandro de Brito Fontes
111f338fa3 Merge pull request #272 from aledbf/refactor-annotation-parsers 
Fix error getting class information from Ingress annotations
 2017-02-16 07:35:34 -03:00
Ricardo Pchevuzinske Katz
e5c9c788a5 Correct the configuration.md reference to annotations 2017-02-16 08:31:01 -02:00
Manuel Alejandro de Brito Fontes
a8b89677d6 Merge pull request #275 from aledbf/pass-headers 
Pass headers to custom error backend
 2017-02-14 18:05:22 -03:00
Manuel de Brito Fontes
0cdc4bd8ba Pass headers to custom error backend 2017-02-14 17:43:31 -03:00
Manuel de Brito Fontes
5c9bf12648 Fix error getting class information from Ingress annotations 2017-02-14 11:02:23 -03:00
Arnd Hannemann
f46aedd7a2 Fix typo in nginx README 2017-02-14 10:06:44 +01:00
Manuel Alejandro de Brito Fontes
aa02b7e085 Merge pull request #244 from aledbf/annotations-docs 
Add information about cors annotation
 2017-02-13 17:59:47 -03:00
Ricardo Pchevuzinske Katz
a158e5fc5a Improve the session affinity feature 2017-02-12 21:13:39 -02:00
bprashanth
8ea814264d Add nginx README and configuration docs back 2017-02-10 10:59:40 -08:00
Ricardo Pchevuzinske Katz
6809319318 Adds support for configuring stickness per Ingress 2017-02-10 12:24:16 -02:00
Ricardo Pchevuzinske Katz
79e186cb77 New sticky session configuration 2017-02-10 01:33:23 -02:00
Ricardo Pchevuzinske Katz
d0c4e0d713 Adds support for disabling the entire access_log 2017-02-09 21:20:12 -02:00
Prashanth B
2119b23cb8 Merge pull request #251 from bprashanth/balancing_mode 
Balancing mode UTILIZATION -> RATE
 2017-02-10 00:23:23 +05:30
bprashanth
9b305f1954 Flip version to 0.9.1 2017-02-08 19:31:59 -08:00
bprashanth
3f618d7dca Add unittest 2017-02-08 19:31:55 -08:00
bprashanth
bc8b658a5c Be more specific about the type of error to retry on 2017-02-08 17:27:53 -08:00
bprashanth
24d9aada11 Set balancing mode 2017-02-08 15:15:48 -08:00
rsafronov
4c2b2512f5 Merge branch 'upstream' into nginx/extauth_headers 2017-02-08 16:57:03 -05:00
Manuel de Brito Fontes
5cc5669938 Add support for custom proxy headers using a ConfigMap 2017-02-07 17:00:23 -03:00
Leszek Charkiewicz
ee484aa19f Fix wrong URL in nginx ingress configuration 2017-02-07 20:26:11 +01:00
Manuel de Brito Fontes
c83d46ef86 Add information about cors annotation 2017-02-07 11:17:25 -03:00
Manuel Alejandro de Brito Fontes
4eb527d4a9 Merge pull request #228 from tangle329/master 
Fix worker check issue
 2017-02-07 09:36:55 -03:00
caiyixiang
229250f419 changeUDP 2017-02-07 14:35:39 +08:00
Manuel de Brito Fontes
36f842c011 Add information about proxy_protocol in port 442 2017-02-04 21:29:35 -03:00
Manuel Alejandro de Brito Fontes
e35e5bfce5 Merge pull request #227 from justinsb/use_proxy_protocol 
proxy_protocol on ssl_passthrough listener
 2017-02-04 21:22:47 -03:00
Justin Santa Barbara
8d71557b13 Remove proxy_protocol from 442 listener 
The proxy_protocol processing should only happen once, on the
"external-facing" listeners.
 2017-02-04 19:02:24 -05:00
Justin Santa Barbara
6fa461c2a7 proxy_protocol on ssl_passthrough listener 
Move proxy_protocol to listener.

Fix #207
 2017-02-04 02:38:36 -05:00
Tang Le
008c47c2d3 Fix worker check issue 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-02-04 15:37:06 +08:00
rsafronov
302fa5f4bb Added: support for http header passing from external authentication service response 2017-02-03 19:43:15 -05:00
Tony Li
fbdacb2a67 comment on skipping the error check 2017-02-03 18:23:07 -05:00
Tony Li
404e0712db check for error getting cert 2017-02-03 17:24:24 -05:00
Tony Li
881ddba90d change arg ordering in log message 2017-02-03 15:13:08 -05:00
Jeff Grafton
bc020f1370 Always docker --pull when building to fetch latest base images 2017-02-01 19:04:23 -08:00
bprashanth
3a37607138 Change nginx controller image to 0.9.0-beta.1 2017-01-30 12:13:06 -08:00
Prashanth B
910b706f8f Merge pull request #181 from aledbf/0.9 
WIP: Release 0.9.0
 2017-01-30 10:55:59 -08:00
Tim Hockin
df6f1ab5c6 Merge pull request #185 from bprashanth/named_port 
Match named port between container and probe
 2017-01-27 17:25:39 -08:00
bprashanth
7d709d5e93 Match named port between container and probe 
We were previous matching the target port with the readiness probe, and
hence dropping the case where the container port and the probe had the
same name, but the target port did not.
 2017-01-27 14:22:44 -08:00
Manuel de Brito Fontes
2887daaf78 Release 0.9.0 2017-01-27 18:23:15 -03:00
Manuel de Brito Fontes
c3ac562429 Fix template error 2017-01-27 17:52:09 -03:00
Tony Li
0278034bcf unittesting -> unit testing 2017-01-26 15:17:12 -05:00
Manuel Alejandro de Brito Fontes
87d4145c76 Merge pull request #178 from aledbf/proxy-name 
Add initialization of proxy variable
 2017-01-26 16:50:20 -03:00
Ricardo Pchevuzinske Katz
cc1413261f Allows the usage of Default SSL Cert 2017-01-26 16:51:55 -02:00
Manuel de Brito Fontes
2baa1def46 Add initialization of proxy variable 2017-01-26 11:52:48 -03:00
Manuel de Brito Fontes
ec67f83305 Refactoring sysctlFSFileMax helper 2017-01-26 00:10:33 -03:00
Prashanth B
0f7102a356 Merge pull request #174 from aledbf/update-nginx-1119 
Update nginx to 1.11.9
 2017-01-25 13:58:24 -08:00
Manuel de Brito Fontes
08eda50ebb Update nginx to 1.11.9 2017-01-25 15:16:31 -03:00
Justin Ryan
96df5b3d55 Clarify usage of Ingress backend.servicePort 2017-01-25 09:52:50 -05:00
Manuel Alejandro de Brito Fontes
099fba21c8 Merge pull request #165 from tangle329/master 
Fix rate limit issue when more than 2 servers enabled in ingress
 2017-01-25 07:35:25 -03:00
Tang Le
c0aca1833a Fix rate limit issue when more than 2 servers enabled in ingress 
Signed-off-by: Tang Le <at28997146@163.com>
 2017-01-24 16:19:28 +08:00
Peter Sutherland
8fae080cce Remove SPDY documentation as it is broken 2017-01-23 14:50:52 +00:00
Peter Sutherland
e665072eaa Document more parameters and list defaults 2017-01-23 14:20:21 +00:00
Peter Sutherland
6c8792d80a Add whitelist-source-range to config map docs 2017-01-23 13:34:15 +00:00